Closed Bug 677814 Opened 12 years ago Closed 10 years ago

Infrastructure to manage permissions and groups


( Graveyard :: Wiki pages, defect, P1)



(Not tracked)



(Reporter: openjck, Unassigned)



We will need some kind of interface for manually assigning permissions to users and revoking permissions from them. This type of manual permission control may not be ideal, but it will be necessary until we implement more automated control, like bug 677799 details.

Summary: Manual permission control → Interface for manual permission control
Blocks: 675842
Blocks: 677810
Blocks: 757245
Version: Kuma → unspecified
Component: Website → Landing pages
Tweaking the title, and here's what I'm planning (copied from bug 768498):

Mostly as a note to myself, but feel free to discuss - I've had a notion to build a django app to support creation and management of "teams":

Initially, I'd thought this would be mainly useful for But, it could also be handy as a self-service tool we use to offer for users to form groups & manage roles and permissions with respect to documents created and managed by group members.

That is, someone could start the "/docs/*/SomeNewProject" subtree of wiki pages and form a "SomeNewProject" team to support it. Only members of that team with the appropriate role-based permissions would be able to edit pages beneath "/docs/*/SomeNewProject". Certain members of the team (ie. starting with the founding member) would have permissions to manage team membership & roles & permissions, etc.

Of course, site-wide admins would still have permission to do anything anywhere, but this could help subdivide responsibilities in an organic way.
Blocks: 677806
No longer blocks: 675842
Summary: Interface for manual permission control → Infrastructure to manage permissions and groups
That sounds excellent. I would like to be sure that admins can adjust these teams' permissions and membership, of course.

That sounds like a really great way to do things. I love it.

This would also give us a way to set up localization teams where the team leaders may have additional permissions, such as page moving or other potentially sensitive capabilities.

It might be nice if the permissions could also optionally be restricted by locale, so that we could give a localization team lead permission to move pages, but only within their own locale.
Whiteboard: u=administrator c=users p=
Some progress - I've been working on a django app called "teamwork":

Teamwork adds a bunch of infrastructure for permissions (eg. view, edit, review) granted by per-object policies and by roles on teams that own objects. It's turned into a bigger thing than I'd hoped, but I think it's almost there.

Poking :ubernostrum for some new eyes on this thing, since I'm pretty sure it's very naive with respect to Django. The docs are non-existent so far, but a decent starting point to see what I'm trying to do is in the thick of the tests:

There's also an included mini-wiki site that I've been using to experiment, which might help show off some features, too.
Flags: needinfo?(jbennett)
App looks good to me; I've looked through the code a bit and don't see any huge red flags; if anything, might submit a couple little tweak-y pull requests for it down the road.
Flags: needinfo?(jbennett)
I'm not confident as to whether this is production-ready yet, even as an MVP, but I submitted a PR for initial review:
This was actually merged as groundwork for bug 768498
Closed: 10 years ago
Resolution: --- → FIXED
Product: → Graveyard
You need to log in before you can comment on or make changes to this bug.